Cato Networks, Nfinit, Masergy, ESET Help Ransomware Victims

Cato Networks, Nfinit, Masergy, ESET Take Up Fight Against Ransomware

Written by Edward Gately
March 15, 2022

Most breaches are preventable if organizations would follow their own security policies.

… find a needle in a haystack. They effectively have become integration engineers instead of focusing on what they were brought in for, security research. No wonder the burnout is at an all-time high in security, and even more so for CISOs. Organizations need to understand if they are adding fat or muscle every time they add a new security tool; and yes, I blame the security industry for making it complex where simple, yet not simplistic, solutions are in order.

KJ: The recent breaches that I have been around were preventable if the organization would have just followed their own security policies. Those are basics like:

Scan a vendor’s PC before you let it on your network.
Stay up to date on firewall patches.
Don’t use administrator credentials unless you absolutely need to.
Segment your network.
Institute a least privilege access process.
Educate your employees and test them regularly.

Cybersecurity providers can help in all of these areas. Ensure IT knows how to scan new devices. Offer patching services. Review, make recommendations and make changes to firewall rules. Help companies set up phishing campaign test software and education programs.

CF: Are there lessons learned about ransomware from the pandemic? If so, what are those?

EM: No. 1, anyone and everyone is a target for ransomware. No. 2, it’s great to save money with employees working from home, but now you have to secure these employees and their connections to your infrastructure. No. 3, your third-party/supply chain is you. If they get compromised, your data is on the line as well. No. 4, it’s the simple things – misconfigured security solutions, unpatched systems, easy-to-guess passwords, open ports and service, far from real-time network monitoring – its easy to become the low-hanging fruit and it’s just as easy to solve that problem.

KJ: Communications plans go out the window and you end up reverting to cellphones and text messaging for communications. Having an individual in the C-suite named in advance to interact with the insurance company is critical. Don’t tell the hackers that you have insurance. Secure sockets layer (SSL) VPN is your friend.

CF: So what do you hope attendees can learn and make use of from this session?

EM: I hope attendees learn from different perspectives and experiences on what they can do to better prepare and respond to ransomware threats. This threat is not going away, and will only continue to grow, especially with the current geopolitical situation. This is a must-know for any organization.

KJ: There are steps you can take to prevent and prepare for ransomware. When you get hit with ransomware, your level of preparation will impact your ability to recover.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.